Aggregator

CVE-2025-39966 | Linux Kernel up to 6.12.49/6.16.9 iommufd fput file descriptor consumption (Nessus ID 271558)

21 hours 48 minutes ago

A vulnerability classified as critical was found in Linux Kernel up to 6.12.49/6.16.9. This affects the function fput of the component iommufd. Such manipulation leads to uncontrolled file descriptor consumption. This vulnerability is uniquely identified as CVE-2025-39966. The attack can only be initiated within the local network. No exploit exists. Upgrading the affected component is advised.

vuldb.com

CVE-2025-39988 | Linux Kernel up to 5.15.193/6.1.154/6.6.108/6.12.49/6.16.9 etas_es58x ndo_change_mtu buffer overflow (Nessus ID 271561)

Vuldb Updates

21 hours 48 minutes ago

A vulnerability was found in Linux Kernel up to 5.15.193/6.1.154/6.6.108/6.12.49/6.16.9 and classified as critical. Affected by this issue is the function ndo_change_mtu of the component etas_es58x. The manipulation results in buffer overflow. This vulnerability is identified as CVE-2025-39988. The attack can only be performed from the local network. There is not any exploit available. It is suggested to upgrade the affected component.

vuldb.com

CVE-2025-39984 | Linux Kernel up to 6.12.49/6.16.9 net include/linux/skbuff.h skb_pp_cow_data use after free (Nessus ID 271562)

Vuldb Updates

21 hours 48 minutes ago

A vulnerability classified as critical was found in Linux Kernel up to 6.12.49/6.16.9. Affected by this vulnerability is the function skb_pp_cow_data in the library include/linux/skbuff.h of the component net. Executing manipulation can lead to use after free. This vulnerability is handled as CVE-2025-39984. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is advised.

vuldb.com

CVE-2025-39998 | Linux Kernel up to 6.6.109/6.12.50/6.16.10/6.17.0 scsi target_core_configfs.c snprintf return value (EUVD-2025-34575 / Nessus ID 271557)

Vuldb Updates

21 hours 48 minutes ago

A vulnerability labeled as critical has been found in Linux Kernel up to 6.6.109/6.12.50/6.16.10/6.17.0. Affected is the function snprintf of the file /drivers/target/target_core_configfs.c of the component scsi. Such manipulation leads to unchecked return value. This vulnerability is documented as CVE-2025-39998. The attack requires being on the local network. There is not any exploit available. The affected component should be upgraded.

vuldb.com

CVE-2025-39981 | Linux Kernel up to 6.16.9 Bluetooth mgmt_pending use after free (Nessus ID 271563)

Vuldb Updates

21 hours 48 minutes ago

A vulnerability classified as critical has been found in Linux Kernel up to 6.16.9. Affected is the function mgmt_pending of the component Bluetooth. Performing manipulation results in use after free. This vulnerability is known as CVE-2025-39981. Access to the local network is required for this attack. No exploit is available. It is recommended to upgrade the affected component.

vuldb.com

CVE-2025-39978 | Linux Kernel up to 6.1.154/6.6.108/6.12.49/6.16.9 octeontx2-pf otx2_tc_add_flow use after free (Nessus ID 271564)

Vuldb Updates

21 hours 48 minutes ago

A vulnerability classified as critical was found in Linux Kernel up to 6.1.154/6.6.108/6.12.49/6.16.9. This vulnerability affects the function otx2_tc_add_flow of the component octeontx2-pf. The manipulation results in use after free. This vulnerability is known as CVE-2025-39978. Access to the local network is required for this attack. No exploit is available. Upgrading the affected component is advised.

vuldb.com

PhantomCaptcha: Sophisticated Phishing Used to Hijack Aid Groups

Penetration Testing Tools - Metepreter.org

21 hours 50 minutes ago

The PhantomCaptcha operation proved to be one of the most sophisticated phishing campaigns of recent months, directed at

The post PhantomCaptcha: Sophisticated Phishing Used to Hijack Aid Groups appeared first on Penetration Testing Tools.

ddos

盖茨的核电公司通过环评

Solidot

21 hours 54 minutes ago

比尔盖茨支持的核电公司 TerraPower 通过了美国核管理委员会的环评（Environmental Impact Statement），批准了核设施的建造许可证。TerraPower 的非核设施已从 2024 年 6 月开始建造。TerraPower 计划建造的凯默勒一号机组（Kemmerer Unit 1）将是美国首座使用液态钠冷却而不是水冷却的商业核反应堆。凯默勒是燃煤 Naughton 发电厂的所在地，该发电厂将于 2026 年停止使用燃煤，十年后停止燃烧天然气。TerraPower 项目将用一个 345 兆瓦的反应堆取代它，TerraPower 反应堆将开创性地使用许多以前未在商业上部署过的技术。其中包括需要最少换料的反应堆设计、液态钠冷却以及熔盐蓄热系统，该系统将为发电厂提供更好地与可再生能源整合必需的灵活性。

Mass Attack: Hackers Hit WordPress Plugins With 8.7M Exploits in 48 Hours

Penetration Testing Tools - Metepreter.org

21 hours 56 minutes ago

A widespread exploitation campaign has descended upon WordPress sites: attackers are targeting installations that use the GutenKit and

The post Mass Attack: Hackers Hit WordPress Plugins With 8.7M Exploits in 48 Hours appeared first on Penetration Testing Tools.

ddos

AI Sidebar Spoofing: New Attack Hides Phishing in Fake Browser Extensions

Penetration Testing Tools - Metepreter.org

21 hours 57 minutes ago

Researchers at SquareX have published a comprehensive report on a newly discovered vulnerability known as AI Sidebar Spoofing—a

The post AI Sidebar Spoofing: New Attack Hides Phishing in Fake Browser Extensions appeared first on Penetration Testing Tools.

ddos

DataCon2025报名启动：用数据，守护未来！ (文末抽奖）

网安国际

21 hours 59 minutes ago

在互联网威胁对抗悄然升级的当下，DataCon大数据安全分析竞赛犹如一颗璀璨的明星，照亮了网安人才前行的道路。10月17日DataCon2025报名通道开启，11月5日战火点燃，这不仅是一场技能的较量，更是一次顶尖智慧与真实威胁的碰撞。

How We (Almost) Found Chromium's Bug via Crash Reports to Report URI

Troy Hunt

22 hours ago

Tracking down bugs in software is a pain that all of us who write code must bear. When we're talking about outright errors in a web page, you typically have something to get you started (such as output in the console), but that wasn't the case

Troy Hunt

关于国家授时中心遭受美国国家安全局网络攻击事件的技术分析报告

深信服千里目安全实验室

22 hours 3 minutes ago

分享一篇文章。

【漏洞通告】Windows 服务器更新服务 (WSUS) 远程代码执行漏洞(CVE-2025-59287)

深信服千里目安全实验室

22 hours 3 minutes ago

2025年10月27日，深瞳漏洞实验室监测到一则Windows 服务器更新服务 (WSUS) 存在远程代码执行漏洞的信息，漏洞编号：CVE-2025-59287，漏洞威胁等级：高危。

CVE-2025-11682 | Perx Customer Engagement & Loyalty Platform up to 4.617.3 LMT Dashboard cross site scripting

VulDB Recent Entries

22 hours 4 minutes ago

A vulnerability was found in Perx Customer Engagement & Loyalty Platform up to 4.617.3. It has been classified as problematic. This impacts an unknown function of the component LMT Dashboard. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2025-11682. The attack is possible to be carried out remotely. No exploit exists. Upgrading the affected component is recommended.

vuldb.com

CVE-2025-12055 | MPDV Mikrolab MIP 2/FEDRA 2/HYDRA X Filename path traversal (EUVD-2025-36096)

Vuldb Updates

22 hours 7 minutes ago

A vulnerability, which was classified as critical, was found in MPDV Mikrolab MIP 2, FEDRA 2 and HYDRA X. This affects an unknown part. The manipulation of the argument Filename results in path traversal. This vulnerability is cataloged as CVE-2025-12055. The attack may be launched remotely. There is no exploit available.

vuldb.com